Check an IP Address, Domain Name, Subnet, or ASN

20.127.195.254 was found in our database!

$ whois 20.127.195.254

country·🇺🇸 United States

city·Washington

isp·Microsoft Corporation

asn·AS8075

network·Standard

$ sikker risk 20.127.195.254scoring →

confidence

56%Medium

first_seen·Jan 23, 2026

last_seen·1h ago

sessions·86

events·104

$ sikker protocols 20.127.195.254

HTTPS

37 / 43

HTTP

7 / 13

SMTP

8 / 12

SMB

6 / 7

POSTGRES

7 / 7

IMAP

6 / 6

TELNET

4 / 4

SSH

2 / 3

DOCKER

3 / 3

ELASTICSEARCH

3 / 3

MSSQL

2 / 2

SIP

1 / 1

$ sikker summary 20.127.195.254

20.127.195.254 has a threat confidence score of 56%. This IP address from United States (AS8075, Microsoft Corporation) has been observed in 86 honeypot sessions targeting HTTPS, HTTP, SMTP, SMB, POSTGRES and 7 other protocols. First observed on January 23, 2026, most recently active March 21, 2026.

$ sikker behaviors 20.127.195.254catalog →

infoHttp Root Path Request5x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoDocker Invalid Protocol Probe1x

Client repeatedly sends GET requests to the /bad-request Docker API endpoint, indicating malformed or incompatible traffic against the Docker daemon. This pattern is typically associated with generic internet scanning or tools attempting HTTP interaction without speaking the proper Docker API protocol.

$ sikker primitives 20.127.195.254

http_method_get5 smtp_ehlo_greeting4 docker_get_method3 elastic_http_get_request3 docker_bad_request_uri1 elastic_http_bad_request_path_probe1

$ sikker related 20.127.195.254

Report IP WHOIS Lookup →

IP Address	Confidence	Events
20.102.112.104	82%	1,155
172.211.56.214	100%	581
52.174.144.106	24%	58
172.191.157.64	100%	980
23.97.62.115	100%	703

IP Address	Confidence	Events
97.74.90.88	97%	2,663
199.195.251.10	100%	553
65.49.1.152	100%	1,225
23.95.86.214	90%	240
92.118.39.62	100%	372,118